package com.luoyx.hauyne.admin.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import static com.luoyx.hauyne.admin.api.sys.UserAPI.LOGIN_LOOKUP;

/**
 * Spring Security配置
 *
 * @author Alan.Luo
 * @since 2020/5/10 20:45
 * @EnableWebSecurity 开启Web保护功能
 * @EnableGlobalMethodSecurity(prePostEnabled = true) 开启在方法上的保护功能
 */
@Slf4j
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(
                        LOGIN_LOOKUP,
                        "/userInfo/**",
                        "/sys/roles/test"
                )
                .antMatchers(HttpMethod.POST, "/sys/login-histories");
    }
}